Privacy policy

1. What this policy covers

This policy applies to the Rovyo mobile app, our marketing website at rovyo.app, and any services that link to it. It describes what we collect, why, how long we keep it, and what rights you have.

2. Information we collect

Account information

• Phone number: required for verification via OTP.
• Display name and avatar: optional, set by you.
• Country and language preference: auto-detected from your device, editable in Settings.

Ride information

• Trip name, destination, start time, waypoints: provided when you create a ride.
• Live GPS location, speed, heading, and battery level: collected only while you are an active member of a live ride.
• Group chat messages, pinned places, break suggestions.

Device and technical data

• Device model, OS version, app version, push notification token.
• Crash diagnostics (via Sentry): does not include location.
• Anonymous product analytics (via Mixpanel): feature usage, never raw location.

3. Why we collect it

• Run the product: show your group your live position, compute ETA, route the convoy.
• Safety: relay SOS to your group and emergency contact.
• Improve the app: anonymous, aggregated analytics for feature decisions.
• Comply with the law: respond to lawful requests, resolve disputes, enforce our terms.

4. Mutual consent and event scope

Sharing is always mutual: both sides accept before either sees the other. Location is only shared while a ride is active. Outside of an active ride, the app does not transmit your position. A persistent in-app indicator shows when location is being broadcast.

5. Who we share it with

We do not sell personal data to anyone, ever. We share limited data with:

• Other ride members: only data relevant to the ride (location, ETA, chat messages).
• Service providers under contract: Twilio (OTP), Stripe / Razorpay (payments), AWS (hosting), Sentry (crash), Mixpanel (analytics), Firebase (push). Each is bound by a data-processing agreement.
• Authorities: only when compelled by valid legal process.

6. Data retention

We keep account data for as long as your account exists. Ride content is retained according to the in-app schedule shown when you create the ride. Anonymous analytics is retained in aggregated form indefinitely.

7. Your rights

Depending on where you live, you have the right to access, correct, port, restrict, or delete your personal data. You can exercise these in-app under Settings → Privacy, or by emailing privacy@rovyo.app. We respond within 30 days.

8. Security

All traffic uses TLS in transit. Tokens are stored in the OS secure enclave (Keychain on iOS, Keystore on Android). We pin certificates and rate-limit authentication endpoints.

9. International transfers

Rovyo operates on AWS with primary infrastructure in Mumbai (ap-south-1). EU and US data may be processed in Ireland (eu-west-1) and Virginia (us-east-1) respectively, with standard contractual clauses where applicable.

10. Children

Rovyo is not designed for children. You must be at least 18 to create an account.

11. Changes to this policy

We will notify you in-app and update the "last updated" date at the top of this page when we make material changes.

12. Contact

Privacy questions: privacy@rovyo.app. EU representative: eu-rep@rovyo.app. India grievance officer: grievance@rovyo.app.